The DefendOps DiariesAug 10, 2025

Royal & BlackSuit wreaked havoc with multi-million-dollar ransom schemes and double-extortion tactics, crippling healthcare and government operations. Now, rumors of a “Chaos” rebrand have everyone on edge – what’s their next move?

https://thedefendopsdiaries.com/the-rise-and-impact-of-royal-and-blacksuit-ransomware-gangs/

#ransomware
#cybersecurity
#infosectrends
#royalransomware
#blacksuitransomware

The Rise and Impact of Royal and BlackSuit Ransomware Gangs

Explore the rise and impact of Royal and BlackSuit ransomware gangs on global cybersecurity.

The DefendOps Diaries
🛡 [email protected]/:~# Sep 25, 2023

"🔥 Dallas Under Siege: Royal Ransomware Strikes! 🔥"

The City of Dallas reveals that the Royal ransomware attack in May began with a compromised account. The city had to shut down all IT systems as a precaution after their network printers began printing out ransom notes the morning of the incident.

Dallas, Texas faced a nasty ransomware attack by the Royal gang, starting with a stolen account. From early April to May, the gang got into the city's network, swiping over a terabyte of files before dropping ransomware into the system on May 3rd.

The city fought back, taking crucial servers offline and starting the long process of fixing things up with the help of cybersecurity experts. It took over five weeks to get all servers back up, from the financial to the waste management ones.
The attack exposed personal info of over 30,000 individuals, costing the city a whopping $8.5 million for recovery efforts. The Royal gang, known for its sneaky phishing attacks and exploiting security flaws, emerged as a big threat in the cyber world, especially targeting enterprises. 🌆💻🔓

Source: BleepingComputer

Tags: #Ransomware #Dallas #CyberAttack #InfoSec #RoyalRansomware 🏙️🔒🚫

Dallas says Royal ransomware breached its network using stolen account

The City of Dallas, Texas, said this week that the Royal ransomware attack that forced it to shut down all IT systems in May started with a stolen account.

BleepingComputer
FreemindSep 25, 2023

The cybercriminals also prepared for the deployment of the ransomware by placing Cobalt Strike command-and-control beacons throughout the City’s systems.

#Cyberattacks #Dallas #Cybersecurity #Texas #Ransomware #USA #RoyalRansomware

https://cybersec84.wordpress.com/2023/09/25/royal-ransomware-breached-dallas-network-using-stolen-account/

Royal Ransomware Breached Dallas Network Using Stolen Account

The City of Dallas in Texas, has disclosed that the Royal ransomware attack, which led to the shutdown of all IT systems in May, originated from a stolen account. Royal managed to gain entry into t…

CyberSec84 | Cybersecurity news.
Jon GreigJul 12, 2023

One of the U.S.’s most popular zoos has been hit with a cyberattack involving the theft of employee and vendor information, and a likely offshoot of the Royal ransomware gang is taking credit

#zootampa #blacksuit #royalransomware

https://therecord.media/tampa-zoo-targeted-in-cyberattack

Tampa Bay zoo targeted in cyberattack by apparent offshoot of Royal ransomware

One of the U.S.’s most popular zoos has been hit with a cyberattack involving the theft of employee and vendor information, and a likely offshoot of the Royal ransomware gang is taking credit.

DIESECMay 25, 2023
New Threat Analysis Report Alert 🔥🚨: Check out our latest article on the Royal Ransomware and understand how it targets its victims. Don't miss out on this essential cybersecurity information! #cybersecurity #ransomware #royalransomware #threatanalysis https://diesec.com/2023/04/royal-ransomware-threat-analysis/
Royal Ransomware: Threat Analysis | DIESEC

Want to know more about cybersecurity? Read article "Royal Ransomware: Threat Analysis"

DIESEC
IntelSoup May 10, 2023

Great write up by Unit 42 on Royal ransomware

https://unit42.paloaltonetworks.com/royal-ransomware/

#royalRansomware #ransomware #ransomwaregroup

Threat Assessment: Royal Ransomware

Royal ransomware has made notable attacks against sectors such as healthcare and infrastructure. Our overview includes victimology and functionality.

Unit 42
Mark DunkMay 2, 2023
Ransomware Gang Claims Edison Learning Data Theft -- THE Journal https://thejournal.com/articles/2023/05/01/ransomware-gang-claims-edison-learning-data-theft.aspx
#ransomware #edisonlearning #royalransomware #security #privacy #hacker #education #school #edtech
Ransomware Gang Claims Edison Learning Data Theft -- THE Journal

The Royal Ransomware is claiming to have infiltrated public school management and virtual learning provider Edison Learning, posting on its dark web data leak site on Wednesday, April 26, that it had stolen 20GB of the company’s data “including personal information of employees and students” and threatening to post the data “early next week.”

THE Journal
DarkWebMallCopFeb 2, 2023
Some hooplehead claiming to represent #lockbit and another hooplehead claiming to represent #royalransomware are shit talking each other on a certain Russian language crime platform and I am pretty amused.
Geekmaster 👽Dec 15, 2022
I have been seeing A LOT of verified compromises circulating hacker forums because of #BlackCat, #LockBit, #HiveRansomware, #Mallox, #BlackBasta #RoyalRansomware, #BianLian, #CubaRansomware, #BloodyRansomwareGang, #RansomEXX - I'm talking multiple terabytes of data, hundreds of millions of account details, across pretty much every single sector. Most common method of infection? #BusinessEmailCompromise! Be super mindful of the links you click on, the attachments you download, and the sites you visit
Alejandro Dec 1, 2022

Any intel on the ongoing Royal Ransomware campaign against high profile companies? (e.g. ARSAT)

#royal #ransomware #vpn #vpnransomware #RoyalRansomware